
Clean install of XP SP1 -> Zombie PC within 4 minutes.

Status
Not open for further replies.

Burger

Member
By Byron Acohido and Jon Swartz, USA TODAY
SAN FRANCISCO — Surfing the Web has never been more risky.

Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.

While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams.

Those are key findings of a test conducted by USA TODAY and Avantgarde, a San Francisco tech marketing and design firm. The experiment involved monitoring six "honeypot" computers for two weeks — set up to see what kind of malicious traffic they would attract. Once breached, the test computers were shut down before they could be used to attack other PCs.

http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm

Scary stuff. I did a fresh install of XP SP1 the other day, connected to the internet and got SP2 as fast as possible. Luckily it was behind a secure hardware firewall, otherwise...

If you had a PC with a cable modem or DSL or whatever, but no hardware firewall/router, what could you do ??
 

Sriram

Member
Wasn't there a fix for this? I'm about to do an SP1 install so it'd be great to know how to stop this. Or have the SP2 bugs been ironed out yet?
 

dskillzhtown

keep your strippers out of my American football
Sriram said:
Wasn't there a fix for this? I'm about to do an SP1 install so it'd be great to know how to stop this. Or have the SP2 bugs been ironed out yet?

I know SP2 had an update not too long ago. But I never had any problems. I have the router/firewall and software firewall and Internet Security software. I also run Ad-Aware about 3 times a week. I am paranoid.
 

aaaaa0

Member
Safe procedure for installing XP pre-SP2:

1. Unplug the network cable.
2. Install XP.
3. Turn on the built in firewall.
4. Plug the network cable back in.
5. Go to Windows Update and install SP2.
 

Vormund

Member
Yeah, basically next time you reinstall Windows, just unplug the cable and plug it back in when all your firewall and virus scanners are installed.

Works for me.
 

Phoenix

Member
I tried to update my XP box from SP1 to SP2 and it kept crashing (blue screen during the upgrade) so I stopped trying.
 

Phoenix

Member
Lyte Edge said:
Is it "safe" to use SP2 yet? I still haven't bothered installing it.

If you can actually get it to install and have your machine actually boot the OS afterwards, it's proven to be mostly safe. The problem has been getting to that point. Many people who have successfully installed SP2 reboot their machines only to have them blue screen, lock up, or enter a reboot loop. However many others have installed it with no issues whatsoever. Roll the dice :D
 

aaaaa0

Member
Phoenix said:
If you can actually get it to install and have your machine actually boot the OS afterwards, it's proven to be mostly safe. The problem has been getting to that point. Many people who have successfully installed SP2 reboot their machines only to have them blue screen, lock up, or enter a reboot loop. However many others have installed it with no issues whatsoever. Roll the dice :D

When it bluescreened your machine, did it make a crashdump? I can look in it and see what maybe caused that. :D
 

Phoenix

Member
aaaaa0 said:
When it bluescreened your machine, did it make a crashdump? I can look in it and see what maybe caused that. :D

Yeah, it said it was dumping memory to disk. Just lemme know where you want me to send it and I'll send it to you. For me, it was insistent on not being installed and my machine was running well enough without it (I was more annoyed by the damn reminder in the systray) so I didn't press the issue.
 

Lyte Edge

All I got for the Vernal Equinox was this stupid tag
I do have everything crucial backed up, but I don't really feel like going through a complete reinstall if it fucks up. Oh well. :\
 

aaaaa0

Member
Phoenix said:
Yeah, it said it was dumping memory to disk. Just lemme know where you want me to send it and I'll send it to you. For me, it was insistent on not being installed and my machine was running well enough without it (I was more annoyed by the damn reminder in the systray) so I didn't press the issue.

There are a lot of security fixes under the covers in SP2 beyond the ones well publicised. (Some of which were responsible for breaking compatibility.)

For every exploit you hear about, there are probably 10 possible exploits that got fixed in SP2 before anyone else found them. (Not to say MS managed to fix them all, after all it's a truism in software that something always manages to slip through testing.)

Just zip it up and stick it on an ftp site, PM the login, and I'll take a look.

Is it a minidump or full dump?
 

B'z-chan

Banned
Question to the gods of XP installers in this thread. I got a new drive (main boot drive) that needs to have LBA 48 turned on. I have one Windows XP Home disc (pre service pack). I just burned an XP Pro with SP, but obviously (no serial, and I ain't asking) I can't use it. But in order to get LBA 48 turned on so I can use my drive to the fullest I need a patch, and I need some help on figuring this out. Cause right now my drive is only showing 3.7 GB of space when it's got a lot more. Freaking controller card was a bitch to update but I did that, so I'm up to date there. So I should have no problems. Anyone got some help for me?

And I will contest that when I came on the net with my unprotected original XP Home all kinds of shit went crazy and I became zombified. But now I've worked it out, got on the firewall bandwagon.
 

Phoenix

Member
aaaaa0 said:
There are a lot of security fixes under the covers in SP2 beyond the ones well publicised. (Some of which were responsible for breaking compatibility.)

For every exploit you hear about, there are probably 10 possible exploits that got fixed in SP2 before anyone else found them. (Not to say MS managed to fix them all, after all it's a truism in software that something always manages to slip through testing.)

Just zip it up and stick it on an ftp site, PM the login, and I'll take a look.

Is it a minidump or full dump?

I dunno, tell me where it dumped it to :) I just know that it said that it was dumping when I came back to check on it.
 

aaaaa0

Member
Phoenix said:
I dunno, tell me where it dumped it to :) I just know that it said that it was dumping when I came back to check on it.

If it's a full or kernel dump, it'll most likely be the file named [x:\Windows\memory.dmp].
If it's a minidump, it'll most likely be in [x:\Windows\Minidump\].

(where x: is your windows drive.)

A full or kernel dump is the most useful, but those are big.

A minidump only has the stack dump of the crashing thread, so it's not as useful, but it might have enough info to go on.
 

Hitokage

Setec Astronomer
I had my computer hacked into a couple years ago when I was dumb enough to leave an anonymous ftp server open. They fucked around a bit, wiped the logs, but didn't destroy anything important.

Protip: Know what ports you have open, and whether or not you want them that way.
 

aaaaa0

Member
In the interests of full disclosure, I'd also like to point out when you send someone a kernel or full dump (not minidump), you're effectively trusting them with any security critical data that may have been in kernel memory at the time the dump was written.

This means things like the registry, SAM (which could potentially contain your login username and password), your hardware configuration, what apps you were running, etc.

If you still want me to look at it, send a PM.

---

The Windows System Crash Reporting thing only sends a minidump, and a minidump only contains a stack trace of the thread that died, so it's substantially less likely to reveal anything security critical. Despite this, it is opt-in and you have to say that it is ok to send a crash report before it does so (and it warns you of this of course). It also transmits the information via SSL, so it's not sent in the clear.

BTW the same caution also applies to the Firefox crash feedback thingy as well.
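The two posts above turn on what a crash dump actually contains: a full or kernel dump (memory.dmp) carries kernel memory and so anything sensitive that was in it, while a minidump carries little more than the crashing thread's stack. Before handing a dump to anyone, it is worth checking which kind you have. The following is an added example, not code from the thread or from Microsoft; it identifies a dump file by the documented signatures ("MDMP" for minidumps, "PAGEDUMP"/"PAGEDU64" for 32-/64-bit kernel and full dumps), walks the minidump stream directory, and reports whether the MiniDumpWithFullMemory flag is set. The sample dump bytes are constructed inline so the code runs offline.

```python
import struct

# MINIDUMP_STREAM_TYPE values from the public minidump format (subset).
MINIDUMP_STREAM_NAMES = {
    3: "ThreadListStream", 4: "ModuleListStream", 5: "MemoryListStream",
    6: "ExceptionStream", 7: "SystemInfoStream", 9: "Memory64ListStream",
    12: "HandleDataStream", 15: "MiscInfoStream",
}
MINIDUMP_WITH_FULL_MEMORY = 0x2  # MINIDUMP_TYPE flag: whole process memory included
HEADER_FMT = "<4sIIIIIQ"        # Signature, Version, NumberOfStreams, StreamDirectoryRva,
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # CheckSum, TimeDateStamp, Flags (32 bytes)
DIR_FMT = "<III"               # StreamType, DataSize, Rva (12 bytes per entry)
DIR_SIZE = struct.calcsize(DIR_FMT)


def classify_dump(data):
    """Classify a dump by its leading signature bytes."""
    if data[:4] == b"MDMP":
        return "minidump"
    if data[:8] in (b"PAGEDUMP", b"PAGEDU64"):
        return "kernel-or-full"
    return "unknown"


def minidump_streams(data):
    """Return (flags, [(stream_name, size, rva), ...]) from a minidump header."""
    if len(data) < HEADER_SIZE or data[:4] != b"MDMP":
        raise ValueError("not a minidump")
    _sig, _ver, nstreams, dir_rva, _csum, _stamp, flags = struct.unpack_from(HEADER_FMT, data, 0)
    if dir_rva + nstreams * DIR_SIZE > len(data):
        raise ValueError("stream directory runs past end of file")
    entries = []
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIR_FMT, data, dir_rva + i * DIR_SIZE)
        entries.append((MINIDUMP_STREAM_NAMES.get(stype, "Stream%d" % stype), size, rva))
    return flags, entries


def dump_report(data):
    """Summarise what a dump is and whether it carries full memory contents."""
    kind = classify_dump(data)
    report = {"kind": kind, "contains_full_memory": kind == "kernel-or-full", "streams": []}
    if kind == "minidump":
        flags, entries = minidump_streams(data)
        report["streams"] = [name for name, _size, _rva in entries]
        # A minidump written with MiniDumpWithFullMemory is as sensitive as a full dump.
        report["contains_full_memory"] = bool(flags & MINIDUMP_WITH_FULL_MEMORY)
    return report


def build_sample_minidump():
    """Constructed sample: a minimal minidump with three empty streams (not a real dump)."""
    dir_rva = HEADER_SIZE
    header = struct.pack(HEADER_FMT, b"MDMP", 0xA793, 3, dir_rva, 0, 0, 0)
    data_rva = dir_rva + 3 * DIR_SIZE
    directory = b"".join(struct.pack(DIR_FMT, stype, 0, data_rva) for stype in (3, 6, 7))
    return header + directory


# Constructed sample of a 64-bit kernel/full dump prefix (only the signature is modelled).
SAMPLE_KERNEL_DUMP = b"PAGEDU64" + bytes(24)
SAMPLE_MINIDUMP = build_sample_minidump()

if __name__ == "__main__":
    for label, blob in (("minidump", SAMPLE_MINIDUMP), ("memory.dmp", SAMPLE_KERNEL_DUMP)):
        print(label, dump_report(blob))
```

To run it against a real file, read the first few hundred bytes with `open(path, "rb").read(4096)` and pass them to `dump_report`; only the header and directory are needed for the report.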
 
Pretty much any Windows NT based machine without a minimum amount of patching over the newest service pack will be infected by virii in minutes. As mentioned earlier, the best thing to do is to install your firewall and your antivirus software, and patch up your system as much as possible before letting it go online. Once you do go online, immediately update your anti-virus and head to Windows Update.
 

iapetus

Scary Euro Man
fart said:
wow, "six 'honeypot' computers"!!!! that's some rigorous scientific research right there.

What exactly are you complaining about? AFAICT, the honeypot computers were straight out-of-the-box installs, connected to the Internet. What's wrong with this from the point of view of 'rigorous scientific research'?
 

aaaaa0

Member
ZombieSupaStar said:
hmm

I always leave my cable plugged in when I reinstall.

Then again I'm behind a router with a built-in firewall.

am I still at risk?

You're probably ok if your router has a firewall.

To be safe, I'd unplug though, or make a slipstream XP SP2 CD.
 

iapetus

Scary Euro Man
aaaaa0 said:
Depends. If you actually DO run a personal web server for example, you do want port 80 open. :)

No, you still don't want port 80 open. You just have to have it open. :D

It's actually a pretty good rule to go by most of the time. No ports open by default, and just explicitly open the few you need as you go on.
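Hitokage's "know what ports you have open" and iapetus's "no ports open by default, explicitly open the few you need" amount to an allowlist check over your listening sockets. The following is an added example, not code from the thread; it parses the output format of `netstat -ano` (the `-o` switch that shows owning PIDs exists on XP) and flags every externally reachable listener whose protocol/port pair is not on an allowlist, ignoring loopback-only sockets and established client connections. The sample output is constructed, not captured from a real machine.

```python
# Constructed sample in the layout `netstat -ano` prints on Windows XP.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1052
  TCP    192.168.1.100:3312     64.233.160.99:80       ESTABLISHED     2240
  UDP    0.0.0.0:137            *:*                                    4
"""


def parse_netstat(text):
    """Turn netstat -ano lines into dicts; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, _foreign, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, _foreign, pid = fields
            state = "BOUND"           # UDP has no state column; a bound socket is reachable
        else:
            continue                  # malformed line: ignore rather than guess
        addr, port = local.rsplit(":", 1)   # rsplit keeps IPv6 "[::]" intact
        records.append({"proto": proto, "addr": addr, "port": int(port),
                        "state": state, "pid": int(pid)})
    return records


def is_loopback(addr):
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def exposed_listeners(records):
    """Sockets that accept traffic from the network: listening TCP or bound UDP, not loopback."""
    return [r for r in records
            if r["state"] in ("LISTENING", "BOUND") and not is_loopback(r["addr"])]


def audit_listeners(text, allowed):
    """Return (proto, port, pid) for every exposed listener not in the allowlist."""
    unexpected = [(r["proto"], r["port"], r["pid"])
                  for r in exposed_listeners(parse_netstat(text))
                  if (r["proto"], r["port"]) not in allowed]
    return sorted(unexpected)


if __name__ == "__main__":
    # Someone running a personal web server would allow only TCP/80, as in the post above.
    ALLOWED = {("TCP", 80)}
    for proto, port, pid in audit_listeners(SAMPLE_NETSTAT, ALLOWED):
        print("unexpected listener: %s/%d owned by PID %d" % (proto, port, pid))
```

On a live box, feed it real output with `netstat -ano > ports.txt` and `audit_listeners(open("ports.txt").read(), ALLOWED)`; the PID column lets you match each unexpected port to a process in Task Manager before deciding whether to close it or add it to the allowlist.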
 
Yeah, it's got a firewall.

It's annoying crap too, because my IP will change sometimes from 100 to 101,

so when I notice all my progs not functioning I get to log into my router. It's like a video game!
 

Bregor

Member
The NAT bridge on nearly all routers will provide better protection than any software firewall, as long as it is properly configured with all ports closed.
 

jobber

Would let Tony Parker sleep with his wife
Well I have 1 port open for a program. Ironically, I couldn't connect to the program before SP2. Anywho, I installed it and my only problem is that it restarts my machine even if I tell it not to after it downloads updates.
 